
Submission + - Makerbot Cracks Down On 3D-Printable Gun Parts (forbes.com) 1

Sparrowvsrevolution writes: In the wake of the Newtown, Connecticut shootings, the 3D-printing firm Makerbot has deleted a collection of blueprints for gun components from Thingiverse, its popular user-generated content website that hosts 3D-printable files. Though Thingiverse has long banned designs for weapons and their components in its terms of service, it rarely enforced the rule until the last few days, when the company’s lawyer sent notices to users that their software models for gun parts were being purged from the site.

Gun control advocates were especially concerned about the appearance of lower receivers for semi-automatic weapons that have appeared on Thingiverse. The lower receiver is the “body” of a gun, and its most regulated component. So 3D-printing that piece at home and attaching other parts ordered by mail might allow a lethal weapon to be obtained without any legal barriers or identification.

Makerbot’s move to delete those files may have been inspired in part by a group calling itself Defense Distributed, which announced its intention to create an entirely 3D-printable gun in August and planned to potentially upload it to Thingiverse. Defense Distributed says it's not deterred by Makerbot's move and will host the plans on its own site.

Submission + - Inside The World's Biggest Consumer 3D Printing Factory (forbes.com)

Sparrowvsrevolution writes: Much has been made of consumer 3D printers like Makerbot's Replicator and the open-source RepRap. But for those not yet willing to shell out thousands of dollars for their own machine, Shapeways offers 3D printing as a mail-order service. And its new Queens, NY factory, captured in this video and slideshow, is now the biggest production facility for consumer 3D printing in the world.

Just one of Shapeways' industrial 3D printers, which use lasers to fuse nylon dust, can print a thousand objects in a day, with far higher resolution than a consumer machine as well as intricate features like interlocking and nested parts. The company hopes to have more than fifty of those printers up and running within a year. And it also offers printing in materials that aren't attainable at home, like gold, silver, ceramic, sandstone and steel.

Privacy

Submission + - Maker Of Hackable Hotel Locks Finally Agrees To Pay For Bug Fix (forbes.com)

Sparrowvsrevolution writes: Slashdot readers are no doubt familiar by now with the case of Onity, the company whose locks are found on 4 million hotel room doors worldwide and, as came to light over the summer, can be opened in seconds with a $50 Arduino device. Since that hacking technique was unveiled by Mozilla developer Cody Brocious at Black Hat, Onity first downplayed its security flaws and then tried to force its hotel customers to pay the cost of the necessary circuit board replacements to fix the bug.

But now, after at least one series of burglaries exploiting the bug hit a series of hotel rooms in Texas, Onity has finally agreed to shoulder the cost of replacing the hardware itself--at least for its locks in major chain hotels in the U.S. installed after 2005.

Score one point for full disclosure.

Censorship

Submission + - The 61 Countries Most Vulnerable To An Internet Shutdown (forbes.com)

Sparrowvsrevolution writes: In the wake of Syria’s 52-hour digital blackout last week, the networking firm Renesys performed an analysis of which countries are most susceptible to an Internet shutdown, based simply on how many distinct entities control the connections between the country’s networks and those of the outside world. It found that for 61 countries and territories, just one or two Internet service providers maintain all external connections–a situation that could make possible a quick cutoff from the world with a well-placed government order or physical attack.

Another 72 countries have between three and ten providers that link to the outside world, a situation that makes a cutoff harder but by no means impossible. Egypt managed to black out its Internet last year despite having seven ISPs with external connections, though it took several days for it to track down and cut off all seven.

Privacy

Submission + - Keycard Locks Hacked To Burglarize Hotel Rooms (forbes.com)

Sparrowvsrevolution writes: Slashdotters may remember a vulnerability in four million keycard locks presented at the Black Hat conference in July. Hacker Cody Brocious showed he could insert a device he built for less than $50 into the port at the bottom of the common hotel lock, read a key out of its memory, and open it in seconds.

Two months later, it turns out at least one burglar was already making use of that technique to rob a series of hotel rooms in Texas. The Hyatt House Galleria in Houston has revealed that in at least three September cases of theft from its rooms, the thief used that Onity vulnerability to effortlessly open rooms and steal valuables like laptops. Petra Risk Solutions, an insurance firm focused on the hospitality industry, also reports that at least two other hotels in Texas were hit with the attack.

Onity has been criticized for its less-than-stellar response to a glaring vulnerability in its devices. The Hyatt says Onity didn't provide a fix until after its break-ins, forcing the hotel to plug its locks' ports with epoxy. And even now, Onity is asking its hotel customers to pay for the full fix, which involves replacing the locks' circuit boards.

Encryption

Submission + - Meet The Lawyer Suing Anyone Who Uses SSL (forbes.com)

Sparrowvsrevolution writes: Since 2008, Dallas, Texas attorney Erich Spangenberg and his company TQP have been launching suits against hundreds of firms, claiming that merely by using SSL, they've violated a patent TQP acquired in 2006. Never mind that the patent was actually filed in 1989, long before the World Wide Web was even invented. So far Spangenberg’s targets have included Apple, Google, Intel, Dell, Hewlett-Packard, every major bank and credit card company, and scores of web startups and online retailers, practically anyone who encrypts pages of a web site to protect users’ privacy. And while most of those lawsuits are ongoing, many companies have already settled with TQP rather than take the case to trial, including Apple, Amazon, Dell, and Exxon Mobil.

The patent has expired now, but Spangenberg can continue to sue users of SSL for six more years and seems determined to do so as much as possible. “When the government grants you the right to a patent, they grant you the right to exclude others from using it,” says Spangenberg. "I don’t understand why just because [SSL is] prevalent, it should be free."

Government

Submission + - In Sandy's Wake, New Jersey Will Allow Insecure, Illegal Voting By Email (forbes.com)

Sparrowvsrevolution writes: Over the weekend, New Jersey’s lieutenant governor Kim Guadagno announced that voters in some sections of the state hit by Hurricane Sandy could apply by email for a ballot, fill it out at home, scan it, and email it to voting officials, a measure designed to accommodate those stranded by storm damage and unable to reach polling places.

It took less than 24 hours for computer scientists to start pointing out the glaring problems with that workaround: Unencrypted emails can be spoofed or tampered with. The computers used to send the emails, many of which will be in public places like libraries or shelters, could be compromised to change or block voters’ choices. And the computer that receives the emails may be just as vulnerable to sabotage–given that voters will be sending their ballots as attached files, the receiving PC will need to open attachments sent by unknown users, one of the most common practices leading to malware infections. Princeton prof Andrew Appel even argues that the scheme may be illegal, and University of Pennsylvania information security professor Matt Blaze says it's "almost guaranteed that we’re going to have a bunch of mini-2000-in-Floridas all over the state."

Security

Submission + - DARPA Funds A $300 Software-Defined Radio For Hackers (forbes.com)

Sparrowvsrevolution writes: Over the weekend at the ToorCon hacker conference in San Diego, Michael Ossmann of Great Scott Gadgets revealed a beta version of the HackRF Jawbreaker, the latest model of the wireless Swiss-army knife tools known as “software-defined radios.” Like any software-defined radio, the HackRF can shift between different frequencies as easily as a computer switches between applications–it can both read and transmit signals from 100 megahertz to 6 gigahertz, intercepting or reproducing frequencies used by everything from FM radios to police communications to garage door openers to Wifi and GSM to next-generation air traffic control system messages.

At Ossmann’s target price of $300, the versatile, open-source devices would cost less than half as much as currently existing software-defined radios with the same capabilities. And to fund the beta testing phase of HackRF, the Department of Defense research arm known as the Defense Advanced Research Projects Agency (DARPA) pitched in $200,000 last February as part of its Cyber Fast Track program.

IOS

Submission + - Apple Fires Elite iOS Hacker Comex For Not Responding To An Email (forbes.com)

Sparrowvsrevolution writes: On Thursday the well-known iOS hacker Comex, a.k.a. 20-year-old Brown University student Nicholas Allegra, revealed that after a year as an intern at Apple, his time at the company had abruptly ended. Allegra, who amazed the security world with popular iOS hacking tools like Jailbreakme 2 and Jailbreakme 3 before being recruited by Apple last summer, explained that he had been let go because he failed to respond to a formal email offering to continue his employment at Apple as a remote intern. Apple HR apparently wasn't willing to forgive the slip-up. “I wasn’t too happy about it, but it didn’t seem like I was able to fix it,” he says. “So that’s what it is.”

No telling whether Comex will start working on an iOS 6 jailbreak--he says that even now, his employment contract with Apple may prevent him from reverse engineering the company's products.

Security

Submission + - Hackers' 'Zero-Day' Exploits Stay Secret For Ten Months On Average (forbes.com)

Sparrowvsrevolution writes: Maybe instead of zero day vulnerabilities, we should call them -312 day vulnerabilities. That's how long it takes on average for software vendors to become aware of new vulnerabilities in their software after hackers begin to exploit them, according to a study presented by Symantec at an Association of Computing Machinery conference in Raleigh, NC this week.

The researchers used data collected from 11 million PCs to correlate a catalogue of zero-day attacks with malware signatures taken from those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, seven of which weren't previously known to have been zero-days. And most disturbingly, they found that those attacks continued more than 10 months on average–up to 2.5 years in some cases–before the security community became aware of them. “In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many,” the researchers write.

Media

Submission + - WikiLeaks Experiments With A Donation "Paywall" (forbes.com)

Sparrowvsrevolution writes: Information may want to be free, but WikiLeaks would actually rather that you paid for it. On Wednesday night the group briefly implemented a donate-what-you-want "paywall" for the material posted on the site, showing users a pop-up video interstitial that asked for payments if they clicked on any links to documents. The move--demanding payment for information that alleged sources like hacker Jeremy Hammond and Bradley Manning face prison time for sending to the site--didn't go over well: From various Twitter feeds, the hacker Anonymous declared WikiLeaks "moneywhoring" and "pathetic" and threatened to launch attacks against the group. After initially defending the paywall, WikiLeaks dropped it a few hours later without comment.

Security

Submission + - Why WikiLeaks' Spinoff OpenLeaks Failed (wired.com) 1

Sparrowvsrevolution writes: Wired has published an excerpt of the new WikiLeaks-related book "This Machine Kills Secrets," which delves into the launch of the WikiLeaks spinoff OpenLeaks at the Chaos Communication Camp in Berlin last year. The detailed account of the site's debut, with German ex-WikiLeaker Daniel Domscheit-Berg at the helm, reveals that even before the dispute between WikiLeaks and OpenLeaks led to the controversial destruction of the decryption keys for 3,000 of WikiLeaks' encrypted leaks taken by Domscheit-Berg, OpenLeaks was already facing significant problems: Rumors that the group had been infiltrated by the German government, a lack of code open for public auditing and even a failure to get the site online in time for the penetration test it had invited the CCC hackers to perform. The book passage gives a peek into the infighting, bad luck, disorganization and personality problems that have left the world without a real sequel to WikiLeaks despite the dozens of leak-focused sites that have launched in the last two years.

Submission + - 'Wiki Weapon Project' Holding Design Contest For 3D-Printable Guns (forbes.com) 2

Sparrowvsrevolution writes: Earlier this month, University of Texas law student Cody Wilson and a small group of friends who call themselves “Defense Distributed” launched an initiative they’ve dubbed the “Wiki Weapon Project.” Their goal: to raise $20,000 to design and release blueprints for the world's first entirely 3D-printable gun. If all goes according to plan, RepRap users will soon be able to turn the project’s CAD designs into an operational firearm capable of shooting at least one standard .22 millimeter bullet, all in the privacy of their own garage.

Wilson and his handful of collaborators at Defense Distributed plan to use the money they raise to buy or rent a $10,000 Stratasys 3D printer and also to hold a 3D-printable gun design contest with a $1,000 or $2,000 prize for the winning entry–Wilson says they’ve already received gun design ideas from fans in Arkansas and North Carolina. Once the group has successfully built a reliable 3D-printed gun with the Stratasys printer, it plans to adapt the design for the cheaper and more widely distributed RepRap model.

The group had already raised more than $2,000 through the fundraising platform Indiegogo, but the site took down their page and froze their funds on Tuesday. They're continuing to seek donations through their website via Paypal and Bitcoin.

Security

Submission + - After Hacker Exposes Hotel Lock Insecurity, Lock Firm Asks Hotels To Pay For Fix (forbes.com)

Sparrowvsrevolution writes: In an update to an earlier story on Slashdot, hotel lock company Onity is now offering a hardware fix for the millions of hotel keycard locks that hacker Cody Brocious demonstrated at Black Hat were vulnerable to being opened by a sub-$50 Arduino device. Unfortunately, Onity wants the hotels who already bought the company's insecure product to pay for the fix.

Onity is actually offering two different mitigations: The first is a plug that blocks the port that Brocious used to gain access to the locks' data, as well as more-obscure Torx screws to prevent intruders from opening the lock's case and removing the plug. That band-aid style fix is free. A second, more rigorous fix requires changing the locks' circuit boards manually. In that case, Onity is offering "special pricing programs" for the new circuit boards customers need to secure their doors, and requiring them to also pay the shipping and labor costs.

Privacy

Submission + - Researchers Find 'Mind-Control' Gaming Headsets Can Leak Users' Secrets (forbes.com)

Sparrowvsrevolution writes: At the Usenix security conference in Seattle last week, a group of researchers from the University of California at Berkeley, Oxford University and the University of Geneva presented a study that hints at the darker side of a future where we control computers with our minds rather than a mouse. In a study of 28 subjects wearing brain-machine interface (BMI) headsets built by companies like Neurosky and Emotiv and marketed to consumers for gaming and attention exercises, the researchers found they were able to extract hints directly from the electrical signals of the test subjects’ brains that partially revealed private information like the location of their homes, faces they recognized and even their credit card PINs.

For the moment, the experimental theft of users' private information from brain signals is more science fiction than a real security vulnerability, since it requires tricking the victim into thinking about the target information at a certain time, and still doesn't work reliably. (Though much better than random.) But as BMI gets more sophisticated and mainstream, the researchers say their study should serve as a warning about privacy issues around the technology of mind-control.
